<!DOCTYPE html>
<html>
<head>
<script src="../../../resources/js-test.js"></script>
<script src="../resources/common.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>

<script>
description("Tests deriveKey() with various bad parameters for ECDH");

jsTestIsAsync = true;

// The test data uses a public key and private key (from different key pairs) for the P-521 curve.
var privateKeyJwk = {
     "kty":"EC",
     "crv":"P-521",
     "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyid-6F48d7iI1zF6VRk7",
     "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
     "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
 };

var publicKeyJwk = {
   "kty":"EC",
   "crv":"P-521",
   "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
   "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
};

var privateKey384Jwk = {
    "kty": "EC",
    "crv": "P-384",
    "d": "pJLOj6kAhMIn4aMveXTTnp_2en6HBew0GbNftgdYK-vUYeCxUgrHbsLdTptj665x",
    "x": "5V_ubEnY1SP1znv5wEJc5P9lBwi33lz7CVkBUjl5p_BCYC2zCFRzU2mBO1w_Xvho",
    "y": "KPWcxdxQmJKpiNOKjiUZ3j0MT9D72wmT448YUGwXYGxeJCSSRvHOlJg6U2HFvpg-"
};

function importEcKeys() {
    var keys = {};

    debug("Importing the private key...");

    return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, ["deriveKey"]).then(function(result) {
        keys.private = result;

        debug("Importing the public key...");
        return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, []);
    }).then(function(result) {
        keys.public = result;

        // Same as keys.private but with deriveBits instead of deriveKey.
        return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, ["deriveBits"]);
    }).then(function(result) {
        keys.privateNoDeriveKey = result;

        // Import a P-384 private key.
        return crypto.subtle.importKey("jwk", privateKey384Jwk, {name: 'ECDH', namedCurve: "P-384"}, false, ["deriveKey"]);
    }).then(function(result) {
        keys.private384 = result;

        // Import the private key as ECDSA.
        return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDSA', namedCurve: "P-521"}, false, ["verify"]);
    }).then(function(result) {
        keys.publicEcdsa = result;

        // Import an AES key
        return crypto.subtle.importKey("raw", new Uint8Array(16), "aes-cbc", true, ["encrypt"]);
    }).then(function(result) {
        keys.aes = result;

        return keys;
    });
}

var ecKeys = null;

importEcKeys().then(function(result) {
    ecKeys = result;

    debug("\nDeriving an AES key with no length...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc'};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving an AES key with bad length...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 120};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving an AES key with unsupported length...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 192};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving an AES-CBC key with unsupported usage (sign)...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 128};
    var extractable = true;
    var usages = ['sign'];  // Not valid for AES-CBC.

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving using an ECDH key that has deriveBits but NOT deriveKey... usage");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 128};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.privateNoDeriveKey, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving using public instead of private key...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 128};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.public, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving using private instead of public key...");
    var algorithm = {name: 'ecdh', public: ecKeys.private};
    var derivedAlgorithm = {name: 'aes-cbc', length: 128};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key larger than the field size of P-521...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1", length: 1024};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a zero-length HMAC key...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1", length: 0};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key larger than field size of P-521, by requesting an HMAC SHA-512 key with no length...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-512"};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key using mismatched curves on public/private keys...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private384, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key using a public EC key for different algorithm (ECDSA)...");
    var algorithm = {name: 'ecdh', public: ecKeys.publicEcdsa};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key using an AES key for public key...");
    var algorithm = {name: 'ecdh', public: ecKeys.aes};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key without specifying the \"public\" parameter...");
    var algorithm = {name: 'ecdh'};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving a key having specified a bogus \"public\" parameter...");
    var algorithm = {name: 'ecdh', public: -1};
    var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"};
    var extractable = true;
    var usages = ['sign'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving an ECDH key using ECDH...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'ECDH', namedCurve: "P-256"};
    var extractable = true;
    var usages = ['deriveBits'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("\nDeriving an RSA-OAEP key using ECDH...");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'RSA-OAEP', hash: "sha-1"};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(failAndFinishJSTest, function(result) {
    logError(result);

    debug("");
}).then(finishJSTest, failAndFinishJSTest);

</script>

</body>
</html>
